Gentoo Forums
[solved] sFTP problem with SSH_AUTH_SOCK ?
toralf
Posted: Wed Jul 15, 2020 11:15 am    Post subject: [solved] sFTP problem with SSH_AUTH_SOCK ?

Today I realized that my sftp (net-misc/openssh-8.1_p1-r3 + LibreSSL 3.2.0, tested net-misc/openssh-8.3_p1-r2 too) access to my website won't work any longer. A workaround is either
Code:
unset SSH_AUTH_SOCK
or
Code:
sftp -o PreferredAuthentications=password
Now I do wonder about the root cause?

Here's the debug if it fails:
Code:
$  sftp -vv zwiebes@www.zwiebeltoralf.de
OpenSSH_8.1p1, LibreSSL 3.2.0
debug1: Reading configuration data /home/tfoerste/.ssh/config
debug1: /home/tfoerste/.ssh/config line 37: Applying options for www.zwiebeltoralf.de
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "www.zwiebeltoralf.de" port 22
debug2: ssh_connect_direct
debug1: Connecting to www.zwiebeltoralf.de [78.47.199.85] port 22.
debug1: Connection established.
debug1: identity file /home/tfoerste/.ssh/id_ed25519 type 3
debug1: identity file /home/tfoerste/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version mod_sftp
debug1: no match: mod_sftp
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to www.zwiebeltoralf.de:22 as 'zwiebes'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes192-ctr,aes256-ctr,aes128-ctr,aes192-cbc,aes256-cbc,aes128-cbc
debug2: ciphers stoc: aes192-ctr,aes256-ctr,aes128-ctr,aes192-cbc,aes256-cbc,aes128-cbc
debug2: MACs ctos: hmac-sha2-512,hmac-sha2-256,hmac-sha1
debug2: MACs stoc: hmac-sha2-512,hmac-sha2-256,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:GMbQCJUIvCTWmfdGOjbRmhYi8LdPIrK219mOWNSpoSg
debug1: Host 'www.zwiebeltoralf.de' is known and matches the RSA host key.
debug1: Found key in /home/tfoerste/.ssh/known_hosts:20
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/tfoerste/.ssh/id_ed25519 ED25519 SHA256:H7Rl8OShjUdLmaItsuIBt6sg44mhm6WLpXDoAAGVYck explicit agent
debug1: Will attempt key: /home/tfoerste/hlag/.ssh/id_rsa RSA SHA256:CFFvfnOF0twNePNl4SEUfK3UYcVdok3lcjRByKFu7cg agent
debug1: Will attempt key: /home/tfoerste/.ssh/id_rsa-gentoo RSA SHA256:F10jKBs8D6OTeq+afIxgrfdkWNpliVnUSdyTsG05UP8 agent
debug1: Will attempt key: /home/tfoerste/.ssh/id_rsa-git RSA SHA256:0x+umkyb9RYASDtNJ+280PII+2aFbmyAMDvIwNgh6bM agent
debug1: Will attempt key: /home/tfoerste/.ssh/id_rsa-kvm RSA SHA256:shLZ2PU4MGlaz4JZ5jSWXVp/waiXgKtEdH/fOWuvzdQ agent
debug1: Will attempt key: /home/tfoerste/.ssh/id_rsa-n22 RSA SHA256:JOyhKxIGyKw/lTmuNUELgylq4lyHQt1WD5us3jCwZs4 agent
debug2: pubkey_prepare: done
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tfoerste/.ssh/id_ed25519 ED25519 SHA256:H7Rl8OShjUdLmaItsuIBt6sg44mhm6WLpXDoAAGVYck explicit agent
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/tfoerste/hlag/.ssh/id_rsa RSA SHA256:CFFvfnOF0twNePNl4SEUfK3UYcVdok3lcjRByKFu7cg agent
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: /home/tfoerste/hlag/.ssh/id_rsa RSA SHA256:CFFvfnOF0twNePNl4SEUfK3UYcVdok3lcjRByKFu7cg agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/tfoerste/.ssh/id_rsa-gentoo RSA SHA256:F10jKBs8D6OTeq+afIxgrfdkWNpliVnUSdyTsG05UP8 agent
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: /home/tfoerste/.ssh/id_rsa-gentoo RSA SHA256:F10jKBs8D6OTeq+afIxgrfdkWNpliVnUSdyTsG05UP8 agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/tfoerste/.ssh/id_rsa-git RSA SHA256:0x+umkyb9RYASDtNJ+280PII+2aFbmyAMDvIwNgh6bM agent
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: /home/tfoerste/.ssh/id_rsa-git RSA SHA256:0x+umkyb9RYASDtNJ+280PII+2aFbmyAMDvIwNgh6bM agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/tfoerste/.ssh/id_rsa-kvm RSA SHA256:shLZ2PU4MGlaz4JZ5jSWXVp/waiXgKtEdH/fOWuvzdQ agent
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: /home/tfoerste/.ssh/id_rsa-kvm RSA SHA256:shLZ2PU4MGlaz4JZ5jSWXVp/waiXgKtEdH/fOWuvzdQ agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/tfoerste/.ssh/id_rsa-n22 RSA SHA256:JOyhKxIGyKw/lTmuNUELgylq4lyHQt1WD5us3jCwZs4 agent
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: /home/tfoerste/.ssh/id_rsa-n22 RSA SHA256:JOyhKxIGyKw/lTmuNUELgylq4lyHQt1WD5us3jCwZs4 agent
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
zwiebes@www.zwiebeltoralf.de's password:
debug2: we sent a password packet, wait for reply
Received disconnect from 78.47.199.85 port 22:11: Application error
Disconnected from 78.47.199.85 port 22
Connection closed
Connection closed. 
toralf
Posted: Wed Jul 15, 2020 12:36 pm

Solved/circumvented by adding "PreferredAuthentications keyboard-interactive,password" to .ssh/config
(and "IdentitiesOnly yes" was now added too)
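Added example (not part of the original posts): a small Python parser for `ssh -v` / `sftp -v` output that reports the order of authentication methods tried, which offered keys came only from the agent behind SSH_AUTH_SOCK (tagged `agent` without `explicit`), and the disconnect reason code. The sample log is constructed, with placeholder paths, fingerprints and address; `summarize` is a hypothetical helper name.

```python
import re

# Constructed sample shaped like the debug output in the post (placeholder values).
SAMPLE = """\
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_ed25519 ED25519 SHA256:AAAA explicit agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/id_rsa-a RSA SHA256:BBBB agent
debug1: Server accepts key: /home/user/.ssh/id_rsa-a RSA SHA256:BBBB agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/id_rsa-b RSA SHA256:CCCC agent
debug1: Server accepts key: /home/user/.ssh/id_rsa-b RSA SHA256:CCCC agent
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
Received disconnect from 192.0.2.10 port 22:11: Application error
"""

KEY = re.compile(r"^debug1: (Offering public key|Server accepts key): (\S+) (\S+) (\S+)(.*)$")
METHOD = re.compile(r"^debug1: Next authentication method: (\S+)$")
DISCONNECT = re.compile(r"^Received disconnect from \S+ port \d+:(\d+): (.*)$")

def summarize(log):
    """Collect auth methods, offered/accepted keys and the disconnect reason."""
    out = {"methods": [], "offered": [], "accepted": [],
           "agent_only": [], "disconnect": None}
    for line in log.splitlines():
        if m := KEY.match(line):
            event, path, _ktype, _fp, flags = m.groups()
            if event.startswith("Offering"):
                out["offered"].append(path)
                tags = flags.split()
                # "agent" without "explicit": the key was not configured via
                # IdentityFile or -i; it was supplied by the agent alone.
                if "agent" in tags and "explicit" not in tags:
                    out["agent_only"].append(path)
            else:
                out["accepted"].append(path)
        elif m := METHOD.match(line):
            out["methods"].append(m.group(1))
        elif m := DISCONNECT.match(line):
            out["disconnect"] = (int(m.group(1)), m.group(2))
    return out

if __name__ == "__main__":
    for field, value in summarize(SAMPLE).items():
        print(f"{field}: {value}")
```

Reason code 11 is SSH_DISCONNECT_BY_APPLICATION in RFC 4253. With `IdentitiesOnly yes` in effect, the `agent_only` list should come back empty.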